devotee predictable random numbers (was: General Resolution: Diversity statement results)
On Thu, Jun 07, 2012 at 12:00:19AM -0700, Manoj Srivastava wrote:
>
> Once I get my act together again, I have devotee v 2.0 that I
> think is generally useful enough to package, since I have moved it to a
> command pattern based workflow, and thus people may add modules (check
> gpg sigs) or remove tham (no ldap checks), and move the action noides
> around at will (do gpg checks _after_ ldap checks)
Is "predictable RNG allows recovery of secret monikers" (CVE-2012-2387)
fixed now in devotee?
https://lists.debian.org/debian-devel/2012/04/msg00528.html
http://www.openwall.com/lists/oss-security/2012/05/22/11
Reply to: